Efficient creation of wlan connections

ABSTRACT

A method for communication includes receiving at a wireless access point (AP) a directed probe request from a client specifying a service set identifier (SSID) for which the AP was not configured prior to receiving the directed probe request. In reply to the directed probe request, the AP transmits a probe response to the client using the specified SSID.

FIELD OF THE INVENTION

The present invention relates generally to methods and systems forwireless communication, and specifically to operation of wireless localarea networks (WLANs).

BACKGROUND OF THE INVENTION

WLANs have become ubiquitous in homes, workplaces, and public areas.WLAN data connections are commonly used not only by portable computers,but also by dual-mode (cellular/WiFi) smart phones and other types ofmobile devices.

WLANs generally operate in accordance with the IEEE 802.11 family ofstandards, which define both physical layer and medium access control(MAC) protocol components. (The base standard at present is IEEE802.11-2007.) The central building block of the protocol is the basicservice set (BSS), which typically comprises an access point (AP)together with its associated stations (also referred to as clients ormobile devices). The BSS is uniquely identified by its basic service setidentifier (BSSID), which serves as the MAC address of the AP.Typically, each AP has its own BSSID, but it is also possible for anumber of interconnected APs to share a common BSSID, as described, forexample, in U.S. Pat. No. 7,797,016, whose disclosure is incorporatedherein by reference.

Each WLAN, comprising one or more APs, is identified by a service setidentifier (SSID), which is broadcast by the APs to clients withinrange. The SSID, as distinct from the BSSID mentioned above, is a stringup to thirty-two characters long. The SSID can be configured by the WLANoperator at the access point and usually comprises human-readablecharacters (such as “Smith Home WiFi”). The SSID is typically displayedon client devices that receive the AP broadcasts. This display enablesusers of the client devices to see a list of available networks,identified by their SSIDs, and to choose the one to which they wish toconnect. Once the user has chosen to connect to a given SSID, manyclient devices will save a connection profile of the SSID and will usethe profile to automatically connect to the same network thereafter.

SUMMARY

Embodiments of the present invention that are described hereinbelowprovide methods and apparatus for improving communication service inwireless networks.

There is therefore provided, in accordance with an embodiment of thepresent invention, a method for communication, which includes receivingat a wireless access point (AP) a directed probe request from a clientspecifying a service set identifier (SSID) for which the AP was notconfigured prior to receiving the directed probe request. In reply tothe directed probe request, a probe response is transmitted from the APto the client using the specified SSID.

In a disclosed embodiment, the method includes receiving at the accesspoint, following the probe response, an association request from theclient directed to the specified SSID, and establishing a connection forexchanging data between the access point and the client responsively tothe association request.

Typically, receiving the directed probe request includes receivingdirected probe requests from multiple clients, specifying different,respective SSIDs, and transmitting the probe response includestransmitting multiple, respective probe responses from the AP to theclients using the respective SSIDs. In a disclosed embodiment themultiple, respective probe responses contain a common basic service setidentifier (BSSID). Transmitting the multiple, respective proberesponses may include transmitting the probe responses to only afraction of the directed probe requests to which the AP is able torespond within a predefined time limit.

In one embodiment, transmitting the probe response includes prioritizingthe probe response for transmission before other traffic to betransmitted by the AP.

In another embodiment, when the specified SSID refers to a securenetwork requiring predefined authentication credentials, the method mayinclude, after transmission of the probe response, initiating anauthentication procedure with the client despite the AP not having theauthentication credentials.

There is also provided, in accordance with an embodiment of the presentinvention, a method for communication, which includes receiving at awireless access point (AP) directed probe requests from multipleclients, specifying different, respective SSIDs. In reply to thedirected probe requests, multiple, respective probe responses aretransmitted from the AP to the clients using the respective SSIDs whileusing a common basic service set identifier (BSSID).

Transmitting the probe responses may include transmitting at least oneprobe response to a SSID for which the AP was not configured prior toreceiving a directed probe request specifying the SSID.

There is additionally provided, in accordance with an embodiment of thepresent invention, a wireless access point, including a radio interface,which is configured to receive a directed probe request from a clientspecifying a service set identifier (SSID) for which the access pointwas not configured prior to receiving the directed probe request. Aprocessor is coupled to receive the directed probe request from theradio interface and to cause the radio interface to transmit, in replyto the directed probe request, a probe response to the client using thespecified SSID.

There is further provided, in accordance with an embodiment of thepresent invention, a wireless access point, including a radio interface,which is configured to receive directed probe requests from multipleclients, specifying different, respective SSIDs. A processor is coupledto receive the directed probe requests from the radio interface and tocause the radio interface to transmit, in reply to the directed proberequests, multiple, respective probe responses to the clients using therespective SSIDs while using a common basic service set identifier(BSSID).

The present invention will be more fully understood from the followingdetailed description of the embodiments thereof, taken together with thedrawings in which:

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a schematic, pictorial illustration of a system for wirelesscommunication, in accordance with an embodiment of the presentinvention;

FIG. 2 is a block diagram showing details of a wireless access point, inaccordance with an embodiment of the present invention; and

FIG. 3 is a flow chart that schematically illustrates a method forcommunication, in accordance with an embodiment of the presentinvention.

DETAILED DESCRIPTION OF EMBODIMENTS

Many mobile devices are configured to seek continually for an availableWLAN until a suitable connection can be made. Such devices generally useactive scanning, in which the device broadcasts probe requests and thenwaits to receive any probe responses from access points (APs) withinrange. If the mobile device does not succeed in connecting with an APwithin a certain time, it will typically transmit a further proberequest to a different SSID, and will continue doing so on all availablechannels until a connection is made.

The IEEE 802.11 standards provide two types of probe requests:

-   -   Directed probe—The probe request frame transmitted by the mobile        device specifies a certain SSID. Only APs that have been        pre-configured with the SSID specified by the directed probe        request are supposed to reply with a probe response.    -   Broadcast probe—The probe request frame in this case contains a        null SSID. In reply, all APs within range may transmit probe        responses containing their respective SSIDs.        Mobile devices are commonly configured to automatically transmit        both types of probe requests (directed and broadcast) in        alternation. Such mobile devices will typically transmit        directed probe requests specifying SSIDs for which they have        pre-stored connection profiles (by virtue of having made        previous connections to the corresponding networks, for        example). In this case, if a probe response is received, the        mobile device will generally connect automatically, without user        intervention.

On the other hand, when the mobile device transmits a broadcast probeand receives a probe response containing a previously-unknown SSID, themobile device will typically prompt for user confirmation beforeproceeding to complete the connection. Although this mode of handlingnew SSIDs is not required by the 802.11 standard, it is implemented inmost commercially-available mobile devices. The user, however, may beunaware that the mobile device is waiting for input. This situation mayoccur, for example, when the user carries a WLAN-capable smart phone ina pocket or carrying bag. In the absence of confirmation, the smartphone may continue transmitting repeated probe requests indefinitely.

The model of operation of the mobile device that is described above isnot scalable over numbers of mobile devices in mutual proximity and cancause problems of network overload in crowded public places, as hundredsor even thousands of mobile devices continually transmit repeated proberequests. The inventors have found that in some cases, these proberequests fill all available WLAN channels so completely that little orno bandwidth is left for actual data traffic.

Embodiments of the present invention that are described hereinbelowaddress this problem by means of “SSID spoofing,” which enables an AP toreply to directed probe requests even when the directed probe requestspecifies a SSID for which the AP was not previously configured. Uponreceiving such a directed probe request from a given client, the APreads the SSID from the probe request, and then transmits a proberesponse to the client using this same SSID, regardless of whether theAP was configured with this SSID before receiving the probe request. Allof these probe response messages may contain a single, common and uniqueBSSID. Thus, for example, if Mr. Smith's smart phone transmits adirected probe request specifying the “Smith Home WiFi” SSID, the APwill reply with a probe response using the same SSID, as though it werethe Smiths' home network.

As a result of this response from the AP, the client will stop (at leasttemporarily) transmitting probe requests and will attempt to associatewith the AP. If the attempt is successful, a connection will beestablished between the AP and the client, and data exchange can thencommence. The AP can interact in this manner with many different clientsconcurrently, each of which may specify a different, respective SSID;and the AP thus transmits multiple probe responses and may establishmultiple data connections using the different SSIDs. These proberesponses may contain a common BSSID even though their SSIDs aredifferent.

The inventors have found this approach to be particularly useful inreducing network overload and facilitating data communications,particularly in crowded public places. The techniques of SSID spoofingthat are described herein are not limited to this particular use,however, and may be applied for other purposes, as well. For example,SSID spoofing may be used for marketing purposes, in order to collectstatistics regarding mobile devices in a given area, and possibly topush promotional content or other information to mobile devices withwhich spoofed connections are established.

FIG. 1 is a schematic, pictorial illustration of a system 20 forwireless communication, which implements the principles described abovein accordance with an embodiment of the present invention. FIG. 1illustrates a scenario in a stadium, for example, in which an AP 22communicates with mobile devices 24 carried by multiple users who areattending a sports event. Although for the sake of simplicity, only asingle AP is shown in FIG. 1, in practice system 20 may comprisemultiple different APs in different, respective locations. Mobiledevices 24 may comprise smart phones, personal digital assistants,portable computers, or any other suitable WLAN-enabled devices.

Devices 24 may be in active use by their respective users, to conductdata exchanges such as telephone calls, browser sessions, or e-mailtransmission or reception. These devices communicate via AP 22 with awide-area network 26, such as the Internet. At any given time, however,most of devices 24 will likely be in standby mode, in which the devicesautonomously attempt to establish data connections with an availableWLAN while awaiting such a data exchange. In this mode, devices 24generally transmit probe requests, including both broadcast proberequests and directed probe requests until a connection is made. Eachdirected probe request specifies a certain SSID, which is typicallystored as part of a network profile in the respective device 24. In thepictured example, different devices transmit directed probe requestsspecifying SSID1, SSID2, SSID3, SSID4, . . . .

FIG. 2 is a block diagram that schematically shows details of accesspoint 22, in accordance with an embodiment of the present invention. Aradio interface 30 receives signals from and transmits signals to mobiledevices 24 in accordance with an applicable WLAN standard. The radiointerfaces demodulates and passes incoming signals to a MAC processor32. The MAC processor is configured to support multiple SSIDsconcurrently, including SSIDs for which the AP was not configured priorto receiving directed probe request specifying these SSIDs, as explainedabove. MAC processor 32 connects to network 26 via a suitable networkinterface 34, such as a wired local area network (LAN) interface.

MAC processor 32 typically comprises hard-wired or programmable logiccircuits, which are configured to carry out 802.11 processing functions,as are known in the art, in conjunction with the SSID spoofing functionsthat are described herein. Alternatively or additionally, MAC processor32 may comprise a programmable microprocessor, which is programmed insoftware to carry out at least some of these functions. The software maybe downloaded to processor 32 in electronic form, over a network, forexample. Additionally or alternatively, the software may be stored onnon-transitory tangible storage media, such as optical, magnetic, orelectronic memory media. As another alternative, at least some of theMAC processing functions in system 20, including the SSID spoofingfunctions, may be carried out by a central management hub (not shown),in a configuration such as that described in the above-mentioned U.S.Pat. No. 7,797,016.

FIG. 3 is a flow chart that schematically illustrates a method forcommunication using SSID spoofing, in accordance with an embodiment ofthe present invention. The method is described, for the sake of clarity,with specific reference to the components of system 20, but it maysimilarly be implemented in substantially any sort of WLAN.

The method is initiated when a given device 24 (also referred to as aclient) transmits a directed probe request, at a probe transmission step40. This probe request specifies a certain SSID, typically one for whichthe client has stored a profile with connection characteristics,possibly as a result of a previous connection to the network to whichthe SSID actually belongs. Typically, multiple clients may transmit suchprobe requests concurrently, each specifying its own SSID.

Access point 22 reads the SSID from the directed probe request andgenerates a probe response using the same SSID, at a response step 42,regardless of whether the access point was previously configured withthis SSID. Each probe response contains both the SSID specified by theappropriate mobile device 24 and the BSSID of the access point. Thus,the access point may transmit probe responses (and other messages) withmultiple different SSIDs, but all with a common BSSID.

The 802.11 standard requires access points to respond to directed proberequests rapidly, typically within a few milliseconds. In a busynetwork, such as in the situation shown in FIG. 1, however, the lengthof the transmit queue of AP 22 may be much longer than a fewmilliseconds of transmission time. If device 24 does not receive a proberesponse within the required time limit, it will move on to transmit itsnext probe request on another channel and will ignore belated responsesto the previous probe request. In order to avoid this problem, AP 22 maytransmit directed probe responses at step 42 with higher priority thanother traffic. For this purpose, AP 22 may maintain a separate,high-priority queue for these probe responses.

If AP 22 is still unable to respond to a given directed probe requestwithin the prescribed time limit (due to the length of the proberesponse queue, for example), it will typically drop the given requestentirely rather than waste bandwidth on a probe response that is likelyto be ignored by the mobile device to which it is directed. Thus, inbusy network conditions, in which AP 22 receives many directed proberequests concurrently, the AP may send responses only to the fraction ofthe probe requests to which it is able to respond within the timelimited imposed by the standard.

When a client receives a probe response with a recognized SSID, itattempts to complete a connection with the AP that sent the proberesponse, at an association step 44. For this purpose, the clienttransmits authentication and association request frames, in accordancewith the 802.11 standard. As long as the client's stored profile for theSSID in question does not require security features (such as apassword), the client and AP 22 should be able to complete theassociation automatically, without user intervention. AP 22 and device24 will then be able to exchange data as appropriate, at a data exchangestep 46. In the meanwhile, device 24 will refrain from transmittingfurther probe requests and will therefore, for the most part, notinterfere with transmissions to and from other devices. AP 22establishes and maintains connections of this sort concurrently withmultiple different devices 24, using multiple different SSIDs.

For secure networks, the 802.11 standard mandates an authenticationprocedure known as a “Four-Way Handshake.” AP 22 may be configured toinitiate this procedure at step 44, despite not having the credentialsneeded to complete the procedure, and may continue the procedure for aslong as possible, taking advantage of long timeout periods that areprovided by the standard. As a result, even if device 24 is unable tocomplete the association at step 44 (due to security features in theclient profile, for example), the device will still be occupied for sometime in carrying out the protocol exchange. During this period, device24 will refrain from transmitting further probe requests, and theinterference due to repeated probe requests will be mitigated, even ifnot eliminated entirely. When the association attempt at step 44 fails,device 24 will transmit a further directed probe request, and theprocess will accordingly begin again at step 40, for as long as thedevice is within range of AP 22 or until the user of the device takessome action.

Although the embodiments described above relate mainly to mitigatinginterference due to probe requests, these methods of SSID spoofing maysimilarly be used for other purposes, such as gathering and/ordistributing marketing-related information, as noted above. It will thusbe appreciated that the embodiments described above are cited by way ofexample, and that the present invention is not limited to what has beenparticularly shown and described hereinabove. Rather, the scope of thepresent invention includes both combinations and subcombinations of thevarious features described hereinabove, as well as variations andmodifications thereof which would occur to persons skilled in the artupon reading the foregoing description and which are not disclosed inthe prior art.

1. A method for communication, comprising: receiving at a wirelessaccess point (AP) a directed probe request from a client specifying aservice set identifier (SSID) for which the AP was not configured priorto receiving the directed probe request; and in reply to the directedprobe request, transmitting a probe response from the AP to the clientusing the specified SSID.
 2. The method according to claim 1, andcomprising: receiving at the access point, following the probe response,an association request from the client directed to the specified SSID;and establishing a connection for exchanging data between the accesspoint and the client responsively to the association request.
 3. Themethod according to claim 1, wherein receiving the directed proberequest comprises receiving directed probe requests from multipleclients, specifying different, respective SSIDs, and whereintransmitting the probe response comprises transmitting multiple,respective probe responses from the AP to the clients using therespective SSIDs.
 4. The method according to claim 3, wherein themultiple, respective probe responses contain a common basic service setidentifier (BSSID).
 5. The method according to claim 3, whereintransmitting the multiple, respective probe responses comprisestransmitting the probe responses to only a fraction of the directedprobe requests to which the AP is able to respond within a predefinedtime limit.
 6. The method according to claim 1, wherein transmitting theprobe response comprises prioritizing the probe response fortransmission before other traffic to be transmitted by the AP.
 7. Themethod according to claim 1, wherein the specified SSID refers to asecure network requiring predefined authentication credentials, andwherein the method comprises, after transmission of the probe response,initiating an authentication procedure with the client despite the APnot having the authentication credentials.
 8. A method forcommunication, comprising: receiving at a wireless access point (AP)directed probe requests from multiple clients, specifying different,respective SSIDs; and in reply to the directed probe requests,transmitting multiple, respective probe responses from the AP to theclients using the respective SSIDs while using a common basic serviceset identifier (BSSID).
 9. The method according to claim 8, whereintransmitting the probe responses comprises transmitting at least oneprobe response to a SSID for which the AP was not configured prior toreceiving a directed probe request specifying the SSID.
 10. A wirelessaccess point, comprising: a radio interface, which is configured toreceive a directed probe request from a client specifying a service setidentifier (SSID) for which the access point was not configured prior toreceiving the directed probe request; and a processor, which is coupledto receive the directed probe request from the radio interface and tocause the radio interface to transmit, in reply to the directed proberequest, a probe response to the client using the specified SSID. 11.The access point according to claim 10, wherein the processor isconfigured to receive, following the probe response, an associationrequest from the client directed to the specified SSID, and to establisha connection for exchanging data between the access point and the clientresponsively to the association request.
 12. The access point accordingto claim 10, wherein the processor is configured to receive directedprobe requests from multiple clients, specifying different, respectiveSSIDs, and to cause the radio interface to transmit multiple, respectiveprobe responses to the clients using the respective SSIDs.
 13. Theaccess point according to claim 12, wherein the multiple, respectiveprobe responses contain a common basic service set identifier (BSSID).14. The access point according to claim 12, wherein the processor isconfigured to transmit the probe responses to only a fraction of thedirected probe requests to which the access point is able to respondwithin a predefined time limit.
 15. The access point according to claim10, wherein the processor is configured to prioritize the probe responsefor transmission before other traffic to be transmitted by the AP. 16.The access point according to claim 10, wherein the specified SSIDrefers to a secure network requiring predefined authenticationcredentials, and wherein the processor is configured, after transmissionof the probe response, to initiate an authentication procedure with theclient despite the access point not having the authenticationcredentials.
 17. A wireless access point, comprising: a radio interface,which is configured to receive directed probe requests from multipleclients, specifying different, respective SSIDs; and a processor, whichis coupled to receive the directed probe requests from the radiointerface and to cause the radio interface to transmit, in reply to thedirected probe requests, multiple, respective probe responses to theclients using the respective SSIDs while using a common basic serviceset identifier (BSSID).
 18. The access point according to claim 17,wherein the processor is configured to cause the radio interface totransmit at least one probe response to a SSID for which the accesspoint was not configured prior to receiving a directed probe requestspecifying the SSID.